All right, you got hacked. It happens to many webmasters, even despite the hard work you devote to prevent this type of thing from happening. Prevention tips include keeping your site updated with the latest software and patches, creating an account with Google Webmaster Tools to see what's being indexed, keeping tabs on your log files to make sure nothing fishy's going on, etc. (There's more information in the Quick Security Checklist we posted last year.)

Remember that you're not alone—hacked sites are becoming increasingly common. Getting hacked can result in your site being infected with badware (more specifically malware, one type of badware). Take a look at StopBadware's recently released report on Trends in Badware 2007 for a comprehensive analysis of threats and trends over the previous year. Check out this post on the Google Online Security Blog which highlights the increasing number of search results containing a URL labeled as harmful. For even more in-depth technical reports on the analysis of web-based malware, see The Ghost in the Browser (pdf) and this technical report (pdf) on drive-by downloads. Read these, and you'll have a much better understanding of the scope of the problem. They also include some real examples for different types of malware.

The first step in any case should be to contact your hosting provider, if you have one. Often times they can handle most of the technical heavy lifting for you. Lots of webmasters use shared hosting, which can make it difficult to do some of the things listed below. Certain tips labeled with an asterisk (*) are cases in which webmasters using shared hosting will most likely require assistance from their hosting provider. In the case that you do have full control over your server, we recommend covering these four bases:

Getting your site off-line

Take your site off-line temporarily, at least until you know you've fixed things.*

If you can't take it off-line, return a 503 status code to prevent it from being crawled.

In the Webmaster Tools, use the URL removal tool to remove any hacked pages or URLs from search results that may have been added. This will prevent the hacked pages from being served to users.

If your site was flagged as having malware, request a review to determine whether your site is clean

If you used the URL removal tool on URLs which you do want in the index, request that Webmaster Tools re-include your content by revoking the removal.

Keep an eye on things, as the hacker may try to return.

Answers to other questions you may be asking:

Q: Is it better to take my site off-line or use robots.txt to prevent it from being crawled?A: Taking it off-line is a better way to go; this prevents any malware or badware from being served to users, and prevents hackers from further abusing the system.

Q: Once I've fixed my site, what's the fastest way to get re-crawled?A: The best way, regardless of whether or not your site got hacked, is to follow the Webmaster Help Center guidelines.

Q: I've cleaned it up, but will Google penalize me if the hacker linked to any bad neighborhoods?A: We'll try not to. We're pretty good at making sure good sites don't get penalized by actions of hackers and spammers. To be safe, completely remove any links the hackers may have added.

Q: What if this happened on my home machine?A: All of the above still applies. You'll want to take extra care to clean it up; if you don't, it's likely the same thing will happen again. A complete re-install of the OS is ideal.